Small Vendors Issue Security Challenge To Large Competitors
Group of four says some competitors aren't providing acceptable protection against hackers.
Four vendors of application security products have created an alliance to challenge the ability of large-scale vendors--such as Check Point Software Technologies, Cisco Systems, Juniper Networks, McAfee, and Symantec--to protect customers from hacker attacks and other security breaches.
On Monday at the Computer Security Institute Conference in Washington, D.C., the CEOs of F5 Networks, Imperva, NetContinuum, and Teros challenged their larger rivals to join them in putting their products to the test before ICSA Labs, an independent information security product certifier. Their stated goal is to promote more consistent metrics for customers to evaluate products.
The situation, as these upstarts describe it, is a growing market for Web application security--which the Yankee Group tags at $2 billion over the next five years--and suspect claims from vendors about the capabilities of their products.
In a prepared statement, the foursome suggests that some vendors are selling security short. "We are united regarding the minimum criteria that any security product must meet to provide acceptable protection for mission-critical Web applications," the companies state. "We believe these minimums are not being met by many vendors, despite marketing claims that strongly imply such protection. The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data loss threats. Our goal is to pave the way for minimum standards that will ensure the safety of consumers as well as corporate and government environments on the Web."
The application security vendors "normally don't talk to each other," says Bob Walters, CEO of Teros. "But we came together to help improve the situation." Gene Banman, CEO of NetContinuum, notes that his company and its allies have built their businesses around better Web application security.
"It's pretty remarkable that these companies have come together," says James Slaby, an analyst with the Yankee Group. "It shows the difficulty of competing against entrenched incumbents."
The criticisms are accurate, Slaby says. The smaller, specialized vendors offer application-specific security that considers the context of external network requests, as opposed to generic packet filtering typically offered by the larger vendors. Slaby suggests that packet filtering is not enough to identify some attacks.
Even so, it may be tough for the specialized vendors to convince the market of their merits. "The buyers want to believe what the big guys are telling them," Slaby observes. He adds that the major players in the security market are probably aware of their deficiencies and may correct them through future development or by acquiring companies and their technologies.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.